When communicating via HTTPS, an application should validate the SSL chain to be sure that the certificate produced by the site was provided by a trusted root certificate authority (CA). Multiple Android applications fail to properly validate SSL certificates. Additional information can be found in the CERT Oracle Secure Coding Standard for Java: